Wrote a function, it's working but don't know how to use it?

PHP
1

Hi Everyone,

I wrote a function for a login script. I tested the function and it’s working but when I include it on my website it’s not working. I’m not sure what I’m doing wrong. What do you guys think?

Thanks Everyone.

syntax for function

function loggeduser($name, $password){

  $name = mysql_real_escape_string($name);
  $password = mysql_real_escape_string($password);

  $password = sha1($password);

    // getting the ID here
	 $sql_id = mysql_query("SELECT * FROM practice WHERE name='$name' AND password='$password'");
     while($row = mysql_fetch_array($sql_id)){
     $id = $row["id"];
    }

	 $sql = ("SELECT id FROM practice WHERE name='$name' AND password='$password'");
     $result = mysql_query($sql) or die(mysql_error());
	
	 $count= mysql_num_rows($result);
	
	 if ($count == 1){
	 $_SESSION['authorized'] = true;
	 $_SESSION['id']; // <-- not sure if I need this?
	 $_SESSION['password'] = $password;
	 $_SESSION['name'] = $name;
	
	header("location:userspage.php");
	
	 /* echo 'This is the password = '."$password =>".'Don\\'t make a session password variable, that\\'s very stupid. I\\'m doing this for testing purposes.'.'<br>';
	 echo 'This is the name = '."$name <br>";
	 echo "If I'm seeing this I think I did it right <br>"; */
	
	 } else {
	   echo "Wrong username and password <br>";
	 }
}

login script

<?php
session_start();
include"connect_to_mysql3.php";
$loggedinuser = $_SESSION["id"];
$name = $_SESSION["name"];

// include 'edit-car-function-for-login.php';

 if (isset( $_POST['name'], $_POST['password'] )){

    $name = $_POST['name'];
	$password = $_POST['password'];
	
    $password = sha1($password);
	
	$name = mysql_real_escape_string($name);
    $password = mysql_real_escape_string($password);
	
	$sql_id = mysql_query("SELECT * FROM practice WHERE name='$name' AND password='$password'");
    while($row = mysql_fetch_array($sql_id)){
    $id = $row["id"];
    }
	
	$sql = ("SELECT id FROM practice WHERE name='$name' AND password='$password'");

	$result = mysql_query($sql);
	
	$count=mysql_num_rows($result);
	
	if($count==1){


    $_SESSION["name"] = $name;
    $_SESSION["id"] = $id;

   header("location:userspage.php");


   } else {
   echo "Wrong Username and Password.";
  }
}
2

What errors is PHP giving when it’s not working?

3

Presumably this is only a small part of the overall script as you haven’t shown any of the validation of the user or hashing of the password. You are also missing a whole range of other things that are needed in order to set up a login system - such as the pages for requesting to have a new temporary password emailed to you and one for confirming your email address before allowing the login to proceed.

4

Hi Guys,

Thanks for your responses. I appreciate them.

What errors is PHP giving when it's not working?

It’s actually not giving me any errors. When I type in my username and password and press “submit” the page itself submits to nothing.

This url link is the function I’m using. (syntax for function)
http://whatsmyowncarworth.com/class-work/sign3/edit-car-function-for-login2.php
It’s echoing out information so it must be working.

The url link below is the url for login.
http://whatsmyowncarworth.com/class-work/sign3/valchecklogin.php
user: password
pass: password

This is my entire syntax I’m using for the valchecklogin.php page

<?php
session_start();
include"connect_to_mysql3.php";
$loggedinuser = $_SESSION["id"];
$name = $_SESSION["name"];

include 'edit-car-function-for-login2.php';

 /* if (isset( $_POST['name'], $_POST['password'] )){

    $name = $_POST['name'];
	$password = $_POST['password'];
	
    $password = sha1($password);
	
	$name = mysql_real_escape_string($name);
    $password = mysql_real_escape_string($password);
	
	$sql_id = mysql_query("SELECT * FROM practice WHERE name='$name' AND password='$password'");
    while($row = mysql_fetch_array($sql_id)){
    $id = $row["id"];
    }
	
	$sql = ("SELECT id FROM practice WHERE name='$name' AND password='$password'");

	$result = mysql_query($sql);
	
	$count=mysql_num_rows($result);
	
	if($count==1){


    $_SESSION["name"] = $name;
    $_SESSION["id"] = $id;

   header("location:userspage.php");


   } else {
   echo "Wrong Username and Password.";
  }
} */


?>

<?php
include 'header.php';
?>

<?php

  if ($loggedinuser == true){

  echo "Hi $name, your logged in! <br>";

  echo "<p><a href=\\"http://whatsmyowncarworth.com/class-work/sign3/logout.php\\">Log Out</a></p>";


} else {


  echo '<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="valchecklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="name" type="text" id="name"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="password" type="text" id="password"></td>
</tr>
<tr>


<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>

</form>
</tr>
</table>';



}
?>

<?php
include 'footer.php';
?>
5

It’s working fine for me. Clear your sessions and cookies.